SSL证书请求文件(CSR)生成指南 - Resin
重要注意事项 An Important Note Before You Start
在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了私钥密码,则颁发证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥密码,最好是在收到证书之前不要再动服务器。
By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.
您可以使用"keytool"来生成私钥和CSR文件,如果您的服务器上没有安装keytool,请先下载安装:
The utility "keytool" that you use to generate the private key (keyEntry) and CSR comes with the Sun JDK toolkit. If you do not have JDK installed please download it from the following link: http://java.sun.com/J2SE/downloads.html,We recommend that the latest version be used, which is 1.5.0.
1. 安装JSSE INSTALL JSSE
请到SUN Java网站下载和安装JSSE: http://java.sun.com/Products/jsse/,并把 jsse.jar、jcert.jar、
jnet.jar 复制到目录:$JAVA_HOME/jre/lib/ext
2. 添加SSL安全服务提供者 ADD THE SSL SECURITY PROVIDER
修改 $JAVA_HOME/jre/lib/security/java.security文件中的:
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
3. 生成证书请求文件(CSR) GENERATE THE CSR
请按照如下命令生成CSR文件:
cd /usr/local/resin/
mkdir keys
cd keys
keytool -genkey -keyalg "RSA" -keystore server.keystore
keytool -certreq -keystore server.keystore > csr.txt
4. 提交CSR文件给WoTrust SUBMIT the CSR to WoSign
生成CSR后,建议您自己测试一下生成的CSR文件是否正确,请点击 这里 测试您的CSR文件。请把测试成功的CSR文件发给WoSign即可。请一定不要再动您的服务器,等待证书的颁发。
To submit the CSR to WoSign for processing you should start the certificate enrollment process.
5. 备份私钥文件 Backup your private key
请备份您的keystore文件并记下私钥密码。最好是把私钥文件备份到软盘或光盘中。
Please backup your keystore file and make a note of the password. A good choice is to create a copy of this file onto a diskette or other removeable media.